Some customers of Air India’s Flying Returns program got a shock when they noticed that their frequent flyer accounts have been cleaned out and the miles used fraudulently.
It is assumed that whoever hacked these accounts then sold the tickets to unsuspecting people on the internet who then flew the mileage tickets off.
I found multiple articles about this but so far The Times of India (see here) had the most detailed infos.
Air India’s frequent flyers have been grounded, so to say, at least for the time being, after dozens of the airlines’ frequent flyer programme accounts were hacked . Highly placed sources told TOI that flying miles worth several lakhs [Note: one lakh equaling 100k] of rupees have been redeemed fraudulently. Senior officers of Delhi Police confirmed that at least 20 such accounts have been determined to have been hacked and flying miles worth Rs 16 lakh redeemed by the hackers.
Detailing the steps taken by Air India consequent to the detection of the hacking, Praveen Lal, manager (commercial), said, “All the affected membership accounts have been suspended so that no further activity can take place from these accounts. The affected user IDs have been deactivated along with user IDs that have identical user names and passwords . Also, all such user IDs that have not been active for the past three months have been deactivated.”
Many programs including American Airlines and United experienced fraud cases with their frequent flyer program which usually requires them to reinstate the miles for effected customers.
After the fraud was unearthed, the airline has been taking all the measures to ensure that its fliers don’t experience inconvenience or financial loss.
Seeking urgent help, the airline contact Delhi Police chief Alok Verma, who ordered a probe to be carried out on a priority. The cops and the airline are now tracking people whose tickets have been booked using the stolen flying miles. Scrutinizing this, the police believe, could lead them to the suspects.
On June 17 a flier named Ankit was identified as holding a suspect ticket. The cops have been supplied with his web check-in boarding card and his ticket for flight Ai 849 dated June 10. The police have contacted the passenger to find out which agent he had used to book the ticket.Sources in the police said that they suspected the role of a travel agency or an insider in the racket.
It’s uncommon that fraudsters and hackers use airline tickets for themselves due to the fact that they need to present their passport and therefore a real identity at some point. That’s why tickets are usually sold online or in shadowy travel agencies.
Though it’s impossible to shield yourself completely against hackers the best option is to choose unique passwords and absolutely avoid using ‘keychain’ applications and comprehensive ‘award wallets’ that offer to pool many loyalty programs into one online account. You never know what happens to these databases!